mirror of https://github.com/acidanthera/audk.git
SecurityPkg: Correct NumberOfPCRBanks calculation.
Previously, NumberOfPCRBanks was calculated based on TPM capability. However, there might be a case where the TPM hardware supports 1 algorithm, but the BIOS does not support it and masks it via PCD. This causes a conflict between HashAlgorithmBitmap and NumberOfPCRBanks. So we now calculate NumberOfPCRBanks based on HashAlgorithmBitmap to make sure the data is consistent. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19660 6f19259b-4bc3-4df7-8a09-765794883524
parent
87361c6a54
commit
a3cad6f867
|
@ -2412,11 +2412,9 @@ DriverEntry (
|
||||||
if (EFI_ERROR (Status)) {
|
if (EFI_ERROR (Status)) {
|
||||||
DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
|
DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
|
||||||
TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
|
TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
|
||||||
NumberOfPCRBanks = 1;
|
|
||||||
ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
|
ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
|
||||||
} else {
|
} else {
|
||||||
DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
|
DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
|
||||||
NumberOfPCRBanks = 0;
|
|
||||||
TpmHashAlgorithmBitmap = 0;
|
TpmHashAlgorithmBitmap = 0;
|
||||||
ActivePCRBanks = 0;
|
ActivePCRBanks = 0;
|
||||||
for (Index = 0; Index < Pcrs.count; Index++) {
|
for (Index = 0; Index < Pcrs.count; Index++) {
|
||||||
|
@ -2424,35 +2422,30 @@ DriverEntry (
|
||||||
switch (Pcrs.pcrSelections[Index].hash) {
|
switch (Pcrs.pcrSelections[Index].hash) {
|
||||||
case TPM_ALG_SHA1:
|
case TPM_ALG_SHA1:
|
||||||
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
|
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
|
||||||
NumberOfPCRBanks ++;
|
|
||||||
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
||||||
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
|
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TPM_ALG_SHA256:
|
case TPM_ALG_SHA256:
|
||||||
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
|
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
|
||||||
NumberOfPCRBanks ++;
|
|
||||||
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
||||||
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
|
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TPM_ALG_SHA384:
|
case TPM_ALG_SHA384:
|
||||||
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
|
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
|
||||||
NumberOfPCRBanks ++;
|
|
||||||
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
||||||
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
|
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TPM_ALG_SHA512:
|
case TPM_ALG_SHA512:
|
||||||
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
|
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
|
||||||
NumberOfPCRBanks ++;
|
|
||||||
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
||||||
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
|
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case TPM_ALG_SM3_256:
|
case TPM_ALG_SM3_256:
|
||||||
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
|
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
|
||||||
NumberOfPCRBanks ++;
|
|
||||||
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
|
||||||
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
|
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
|
||||||
}
|
}
|
||||||
|
@ -2463,6 +2456,16 @@ DriverEntry (
|
||||||
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
|
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
|
||||||
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
|
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
|
||||||
|
|
||||||
|
//
|
||||||
|
// Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might be removed by PCD.
|
||||||
|
//
|
||||||
|
NumberOfPCRBanks = 0;
|
||||||
|
for (Index = 0; Index < 32; Index++) {
|
||||||
|
if ((mTcgDxeData.BsCap.HashAlgorithmBitmap & (1u << Index)) != 0) {
|
||||||
|
NumberOfPCRBanks++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) {
|
if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) {
|
||||||
mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;
|
mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;
|
||||||
} else {
|
} else {
|
||||||
|
|
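Review bot: The new counting loop in the third hunk can leave `NumberOfPCRBanks` at 0 with no diagnostic when `PcdGet32 (PcdTcg2HashAlgorithmBitmap)` masks out every bit of `TpmHashAlgorithmBitmap`. This is easiest to reach on the `Tpm2GetCapabilityPcrs` failure path in the first hunk, where the bitmap is only `EFI_TCG2_BOOT_HASH_ALG_SHA1` and the old code forced the count to 1. A platform in that state would report no usable bank for measured boot, so it deserves at least an error-level message right after the loop, for example `if (NumberOfPCRBanks == 0) { DEBUG ((EFI_D_ERROR, "No PCR bank left after PcdTcg2HashAlgorithmBitmap mask!\n")); }`. The loop bound `32` would also read better as the bit width of `HashAlgorithmBitmap` than as a bare literal. The `else` branch of the `PcdTcg2NumberOfPCRBanks` check and the rest of `DriverEntry` lie outside the hunk, so it is not visible whether a non-zero PCD override is reconciled with the masked bitmap; that path may still need the same consistency check.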